Merge pull request #369 from TheophileDiot/dev
Advancements in the examples migration to 1.5
commit
f0f9d7dcf3
|
@ -21,28 +21,9 @@ services:
|
|||
- bunkerweb.LIMIT_REQ_URL_1=/core/install.php
|
||||
- bunkerweb.LIMIT_REQ_RATE_1=5r/s
|
||||
- |
|
||||
bunkerweb.CUSTOM_CONF_MODSEC_CRS_drupal=
|
||||
SecAction \
|
||||
"id:900130,\
|
||||
phase:1,\
|
||||
nolog,\
|
||||
pass,\
|
||||
t:none,\
|
||||
setvar:tx.crs_exclusions_drupal=1"
|
||||
CUSTOM_CONF_MODSEC_CRS_drupal=SecAction "id:900130,phase:1,nolog,pass,t:none,setvar:tx.crs_exclusions_drupal=1"
|
||||
|
||||
mydb:
|
||||
image: mariadb
|
||||
networks:
|
||||
bw-services:
|
||||
aliases:
|
||||
- mydb
|
||||
volumes:
|
||||
- ./db-data:/var/lib/mysql
|
||||
environment:
|
||||
- MYSQL_ROOT_PASSWORD=db-root-pwd # replace with a stronger password
|
||||
- MYSQL_DATABASE=drupaldb
|
||||
- MYSQL_USER=user
|
||||
- MYSQL_PASSWORD=db-user-pwd # replace with a stronger password
|
||||
# For the database, you can refer to the example of the autoconf including a database
|
||||
|
||||
networks:
|
||||
bw-services:
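Review bot: The replacement label `CUSTOM_CONF_MODSEC_CRS_drupal=SecAction ...` appears, as rendered here, without the `bunkerweb.` prefix that the removed multi-line form and the neighbouring `bunkerweb.LIMIT_REQ_*` labels carry. If autoconf only reads labels under that prefix, the Drupal CRS exclusion would silently stop being applied and the service would run against the stock rule set. I would keep the key as `bunkerweb.CUSTOM_CONF_MODSEC_CRS_drupal=SecAction "id:900130,phase:1,nolog,pass,t:none,setvar:tx.crs_exclusions_drupal=1"` and confirm after deployment that the custom configuration is actually generated. The service definition this label belongs to starts outside the hunk.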
|
||||
|
|
|
@ -24,19 +24,7 @@ services:
|
|||
- bunkerweb.LIMIT_REQ_URL_2=/installation/index.php
|
||||
- bunkerweb.LIMIT_REQ_RATE_2=8r/s
|
||||
|
||||
mydb:
|
||||
image: mariadb
|
||||
volumes:
|
||||
- ./db-data:/var/lib/mysql
|
||||
networks:
|
||||
bw-services:
|
||||
aliases:
|
||||
- mydb
|
||||
environment:
|
||||
- MYSQL_ROOT_PASSWORD=db-root-pwd # replace with a stronger password
|
||||
- MYSQL_DATABASE=joomla_db
|
||||
- MYSQL_USER=user
|
||||
- MYSQL_PASSWORD=db-user-pwd # replace with a stronger password (must match JOOMLA_DB_PASSWORD)
|
||||
# For the database, you can refer to the example of the autoconf including a database
|
||||
|
||||
networks:
|
||||
bw-services:
|
||||
|
|
|
@ -2,7 +2,7 @@ version: "3"
|
|||
|
||||
services:
|
||||
mybunker:
|
||||
image: bunkerity/bunkerweb:1.4.3
|
||||
image: bunkerity/bunkerweb:1.5.0
|
||||
ports:
|
||||
- 80:8080
|
||||
- 443:8443
|
||||
|
@ -13,9 +13,10 @@ services:
|
|||
# another example for existing folder : chown -R root:101 folder && chmod -R 770 folder
|
||||
# more info at https://docs.bunkerweb.io
|
||||
volumes:
|
||||
- bw_data:/data # contains upstreams definition at http context
|
||||
- bw-data:/data # contains upstreams definition at http context
|
||||
environment:
|
||||
- SERVER_NAME=www.example.com # replace with your domain
|
||||
- API_WHITELIST_IP=127.0.0.0/8 10.20.30.0/24
|
||||
- SERVE_FILES=no
|
||||
- DISABLE_DEFAULT_SERVER=yes
|
||||
- AUTO_LETS_ENCRYPT=yes
|
||||
|
@ -31,15 +32,57 @@ services:
|
|||
server app2:80;
|
||||
server app3:80;
|
||||
}
|
||||
labels:
|
||||
- "bunkerweb.INSTANCE" # required for the scheduler to recognize the container
|
||||
networks:
|
||||
- bw-universe
|
||||
- bw-services
|
||||
|
||||
bw-scheduler:
|
||||
image: bunkerity/bunkerweb-scheduler:1.5.0
|
||||
depends_on:
|
||||
- mybunker
|
||||
environment:
|
||||
- DOCKER_HOST=tcp://docker-proxy:2375
|
||||
volumes:
|
||||
- bw-data:/data
|
||||
networks:
|
||||
- bw-universe
|
||||
- net-docker
|
||||
|
||||
docker-proxy:
|
||||
image: tecnativa/docker-socket-proxy
|
||||
volumes:
|
||||
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||
environment:
|
||||
- CONTAINERS=1
|
||||
networks:
|
||||
- net-docker
|
||||
|
||||
app1:
|
||||
image: tutum/hello-world
|
||||
networks:
|
||||
- bw-services
|
||||
|
||||
app2:
|
||||
image: tutum/hello-world
|
||||
networks:
|
||||
- bw-services
|
||||
|
||||
app3:
|
||||
image: tutum/hello-world
|
||||
networks:
|
||||
- bw-services
|
||||
|
||||
volumes:
|
||||
bw_data:
|
||||
bw-data:
|
||||
|
||||
|
||||
networks:
|
||||
bw-universe:
|
||||
ipam:
|
||||
driver: default
|
||||
config:
|
||||
- subnet: 10.20.30.0/24
|
||||
bw-services:
|
||||
net-docker:
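Review bot: The new `docker-proxy` service pulls `tecnativa/docker-socket-proxy` with no tag, so the one container that holds the Docker socket tracks whatever `latest` is at pull time, while the BunkerWeb images beside it are pinned to 1.5.0. Pin it as well, e.g. `image: tecnativa/docker-socket-proxy:<pinned-tag>`, ideally by digest. The `:ro` on `/var/run/docker.sock` does not limit what can be requested through the socket; the restriction comes from the proxy's own settings (`CONTAINERS=1` here), which deserves a comment such as `# access is limited by the proxy flags, not by :ro on the socket`. `net-docker` carries unauthenticated Docker API traffic on tcp/2375, so declaring it with `internal: true` would keep it off external routing. The same service block is added in the Magento, Mattermost, mongo-express, Moodle and Nextcloud compose sections of this commit.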
|
||||
|
|
|
@ -43,19 +43,7 @@ services:
|
|||
volumes:
|
||||
- ./elasticsearch-data:/bitnami/elasticsearch/data
|
||||
|
||||
mydb:
|
||||
image: mariadb:10.2
|
||||
networks:
|
||||
bw-services:
|
||||
aliases:
|
||||
- mydb
|
||||
volumes:
|
||||
- ./db-data:/var/lib/mysql
|
||||
environment:
|
||||
- MYSQL_ROOT_PASSWORD=db-root-pwd # replace with a stronger password
|
||||
- MYSQL_DATABASE=magentodb
|
||||
- MYSQL_USER=user
|
||||
- MYSQL_PASSWORD=db-user-pwd # replace with a stronger password (must match MAGENTO_DATABASE_PASSWORD)
|
||||
# For the database, you can refer to the example of the autoconf including a database
|
||||
|
||||
networks:
|
||||
bw-services:
|
||||
|
|
|
@ -1,11 +1,6 @@
|
|||
#!/bin/bash
|
||||
|
||||
if [ $(id -u) -ne 0 ] ; then
|
||||
echo "❌ Run me as root"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
helm delete magento
|
||||
kubectl delete pvc data-magento-elasticsearch-data-0
|
||||
kubectl delete pvc data-magento-elasticsearch-master-0
|
||||
kubectl delete pvc data-magento-mariadb-0
|
||||
kubectl delete pvc data-magento-mariadb-0
|
||||
|
|
|
@ -1,8 +1,12 @@
|
|||
version: "3"
|
||||
|
||||
x-bunkerweb-env:
|
||||
&bunkerweb-env
|
||||
DATABASE_URI: "mariadb+pymysql://${MAGENTO_USER:-user}:${MAGENTO_PASSWORD:-secret}@mydb:3306/${BUNKERWEB_DATABASE:-bunkerweb}"
|
||||
|
||||
services:
|
||||
mybunker:
|
||||
image: bunkerity/bunkerweb:1.4.3
|
||||
image: bunkerity/bunkerweb:1.5.0
|
||||
ports:
|
||||
- 80:8080
|
||||
- 443:8443
|
||||
|
@ -13,22 +17,47 @@ services:
|
|||
# another example for existing folder : chown -R root:101 folder && chmod -R 770 folder
|
||||
# more info at https://docs.bunkerweb.io
|
||||
volumes:
|
||||
- bw_data:/data
|
||||
- bw-data:/data
|
||||
environment:
|
||||
- SERVER_NAME=www.example.com # replace with your domain
|
||||
- SERVE_FILES=no
|
||||
- DISABLE_DEFAULT_SERVER=yes
|
||||
- AUTO_LETS_ENCRYPT=yes
|
||||
- USE_CLIENT_CACHE=yes
|
||||
- USE_GZIP=yes
|
||||
- USE_REVERSE_PROXY=yes
|
||||
- REVERSE_PROXY_URL=/
|
||||
- REVERSE_PROXY_HOST=http://mymagento:8080
|
||||
- |
|
||||
CUSTOM_CONF_SERVER_HTTP_magento=
|
||||
proxy_busy_buffers_size 512k;
|
||||
proxy_buffers 4 512k;
|
||||
proxy_buffer_size 256k;
|
||||
<<: *bunkerweb-env
|
||||
SERVER_NAME: "www.example.com" # replace with your domain
|
||||
API_WHITELIST_IP: "127.0.0.0/8 10.20.30.0/24"
|
||||
SERVE_FILES: "no"
|
||||
DISABLE_DEFAULT_SERVER: "yes"
|
||||
AUTO_LETS_ENCRYPT: "yes"
|
||||
USE_CLIENT_CACHE: "yes"
|
||||
USE_GZIP: "yes"
|
||||
USE_REVERSE_PROXY: "yes"
|
||||
REVERSE_PROXY_URL: "/"
|
||||
REVERSE_PROXY_HOST: "http://mymagento:8080"
|
||||
CUSTOM_CONF_SERVER_HTTP_magento: "proxy_busy_buffers_size 512k;proxy_buffers 4 512k;proxy_buffer_size 256k;"
|
||||
labels:
|
||||
- "bunkerweb.INSTANCE" # required for the scheduler to recognize the container
|
||||
networks:
|
||||
- bw-universe
|
||||
- bw-services
|
||||
|
||||
bw-scheduler:
|
||||
image: bunkerity/bunkerweb-scheduler:1.5.0
|
||||
depends_on:
|
||||
- mybunker
|
||||
environment:
|
||||
<<: *bunkerweb-env
|
||||
DOCKER_HOST: "tcp://docker-proxy:2375"
|
||||
volumes:
|
||||
- bw-data:/data
|
||||
networks:
|
||||
- bw-universe
|
||||
- net-docker
|
||||
|
||||
docker-proxy:
|
||||
image: tecnativa/docker-socket-proxy
|
||||
volumes:
|
||||
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||
environment:
|
||||
- CONTAINERS=1
|
||||
networks:
|
||||
- net-docker
|
||||
|
||||
mymagento:
|
||||
image: bitnami/magento:2
|
||||
|
@ -42,10 +71,12 @@ services:
|
|||
- MAGENTO_ENABLE_HTTPS=yes
|
||||
- MAGENTO_ENABLE_ADMIN_HTTPS=yes
|
||||
- MAGENTO_DATABASE_HOST=mydb
|
||||
- MAGENTO_DATABASE_NAME=magentodb
|
||||
- MAGENTO_DATABASE_USER=user
|
||||
- MAGENTO_DATABASE_PASSWORD=db-user-pwd # replace with a stronger password (must match MYSQL_PASSWORD)
|
||||
- MAGENTO_DATABASE_NAME=${MAGENTO_DATABASE:-magentodb}
|
||||
- MAGENTO_DATABASE_USER=${MAGENTO_USER:-user}
|
||||
- MAGENTO_DATABASE_PASSWORD=${MAGENTO_PASSWORD:-secret} # set a stronger password in a .env file (must match MYSQL_PASSWORD)
|
||||
- ELASTICSEARCH_HOST=myelasticsearch
|
||||
networks:
|
||||
- bw-services
|
||||
|
||||
myelasticsearch:
|
||||
image: bitnami/elasticsearch:7
|
||||
|
@ -53,13 +84,30 @@ services:
|
|||
# see setup-docker.sh
|
||||
volumes:
|
||||
- ./elasticsearch-data:/bitnami/elasticsearch/data
|
||||
networks:
|
||||
- bw-services
|
||||
|
||||
mydb:
|
||||
image: mariadb:10.2
|
||||
volumes:
|
||||
- ./db-data:/var/lib/mysql
|
||||
- db-data:/var/lib/mysql
|
||||
environment:
|
||||
- MYSQL_ROOT_PASSWORD=db-root-pwd # replace with a stronger password
|
||||
- MYSQL_DATABASE=magentodb
|
||||
- MYSQL_USER=user
|
||||
- MYSQL_PASSWORD=db-user-pwd # replace with a stronger password (must match MAGENTO_DATABASE_PASSWORD)
|
||||
MARIADB_RANDOM_ROOT_PASSWORD: "yes"
|
||||
entrypoint: sh -c "echo 'DROP USER IF EXISTS \"${MAGENTO_USER:-user}\"; CREATE USER \"${MAGENTO_USER:-user}\"@\"%\"; CREATE DATABASE IF NOT EXISTS ${MAGENTO_DATABASE:-magentodb}; CREATE DATABASE IF NOT EXISTS ${BUNKERWEB_DATABASE:-bunkerweb}; GRANT ALL PRIVILEGES ON ${MAGENTO_DATABASE:-magentodb}.* TO \"${MAGENTO_USER:-user}\"@\"%\" IDENTIFIED BY \"${MAGENTO_PASSWORD:-secret}\"; GRANT ALL PRIVILEGES ON ${BUNKERWEB_DATABASE:-bunkerweb}.* TO \"${MAGENTO_USER:-user}\"@\"%\" IDENTIFIED BY \"${MAGENTO_PASSWORD:-secret}\"; FLUSH PRIVILEGES;' > /docker-entrypoint-initdb.d/init.sql; /usr/local/bin/docker-entrypoint.sh --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci"
|
||||
networks:
|
||||
- bw-universe
|
||||
- bw-services
|
||||
|
||||
volumes:
|
||||
bw-data:
|
||||
db-data:
|
||||
|
||||
|
||||
networks:
|
||||
bw-universe:
|
||||
ipam:
|
||||
driver: default
|
||||
config:
|
||||
- subnet: 10.20.30.0/24
|
||||
bw-services:
|
||||
net-docker:
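Review bot: `${MAGENTO_PASSWORD:-secret}` lets the stack start with the database password `secret` whenever no `.env` is provided, and the same account is then granted ALL PRIVILEGES on both the Magento and the BunkerWeb databases from any host (`@"%"`) and reused in `DATABASE_URI`. A leak of the application's database credentials therefore also exposes the WAF's configuration store. I would fail closed with `${MAGENTO_PASSWORD:?set MAGENTO_PASSWORD in .env}` and create a separate user, with its own password, for the `bunkerweb` database. The password is also spliced unescaped into the URI and into the generated `init.sql`, so a value containing `@`, `/` or a quote character would break the connection string or the SQL; that constraint should be noted next to the variable. The Moodle and Nextcloud compose sections repeat this pattern with `MOODLE_*` and `NEXTCLOUD_*`.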
|
||||
|
|
|
@ -1,9 +1,4 @@
|
|||
#!/bin/bash
|
||||
|
||||
if [ $(id -u) -ne 0 ] ; then
|
||||
echo "❌ Run me as root"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
helm repo add bitnami https://charts.bitnami.com/bitnami
|
||||
helm install -f magento-chart-values.yml magento bitnami/magento
|
||||
helm install -f magento-chart-values.yml magento bitnami/magento
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
"kinds": ["docker", "autoconf", "swarm", "kubernetes"],
|
||||
"timeout": 360,
|
||||
"no_copy_container": true,
|
||||
"delay": 180,
|
||||
"delay": 240,
|
||||
"tests": [
|
||||
{
|
||||
"type": "string",
|
||||
|
|
|
@ -63,29 +63,7 @@ services:
|
|||
- bunkerweb.LIMIT_REQ_URL_3=^/static/
|
||||
- bunkerweb.LIMIT_REQ_RATE_3=10r/s
|
||||
|
||||
postgres:
|
||||
image: postgres:${POSTGRES_IMAGE_TAG}
|
||||
networks:
|
||||
bw-services:
|
||||
aliases:
|
||||
- postgres
|
||||
restart: ${RESTART_POLICY}
|
||||
security_opt:
|
||||
- no-new-privileges:true
|
||||
pids_limit: 100
|
||||
read_only: true
|
||||
tmpfs:
|
||||
- /tmp
|
||||
- /var/run/postgresql
|
||||
volumes:
|
||||
- ${POSTGRES_DATA_PATH}:/var/lib/postgresql/data
|
||||
environment:
|
||||
# timezone inside container
|
||||
- TZ
|
||||
# necessary Postgres options/variables
|
||||
- POSTGRES_USER
|
||||
- POSTGRES_PASSWORD
|
||||
- POSTGRES_DB
|
||||
# For the postgres database, you can refer to the example of the autoconf including a postgres database
|
||||
|
||||
networks:
|
||||
bw-services:
|
||||
|
|
|
@ -1,8 +1,3 @@
|
|||
#!/bin/bash
|
||||
|
||||
if [ $(id -u) -ne 0 ] ; then
|
||||
echo "❌ Run me as root"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
helm delete mattermost
|
||||
|
|
|
@ -1,8 +1,12 @@
|
|||
version: "3"
|
||||
|
||||
x-bunkerweb-env:
|
||||
&bunkerweb-env
|
||||
DATABASE_URI: "postgresql://${POSTGRES_USER}:${POSTGRES_PASSWORD}@postgres/${BUNKERWEB_DATABASE:-bunkerweb}"
|
||||
|
||||
services:
|
||||
mybunker:
|
||||
image: bunkerity/bunkerweb:1.4.3
|
||||
image: bunkerity/bunkerweb:1.5.0
|
||||
ports:
|
||||
- 80:8080
|
||||
- 443:8443
|
||||
|
@ -13,37 +17,66 @@ services:
|
|||
# another example for existing folder : chown -R root:101 folder && chmod -R 770 folder
|
||||
# more info at https://docs.bunkerweb.io
|
||||
volumes:
|
||||
- bw_data:/data
|
||||
- bw-data:/data
|
||||
environment:
|
||||
- SERVER_NAME=www.example.com # replace with your domain
|
||||
- AUTO_LETS_ENCRYPT=yes
|
||||
- DISABLE_DEFAULT_SERVER=yes
|
||||
- USE_CLIENT_CACHE=yes
|
||||
- SERVE_FILES=no
|
||||
- MAX_CLIENT_SIZE=50m
|
||||
- USE_GZIP=yes
|
||||
<<: *bunkerweb-env
|
||||
SERVER_NAME: "${DOMAIN}" # set your domain name in the .env file, for additional domains, just add them separated by a space
|
||||
API_WHITELIST_IP: "127.0.0.0/8 10.20.30.0/24"
|
||||
AUTO_LETS_ENCRYPT: "yes"
|
||||
DISABLE_DEFAULT_SERVER: "yes"
|
||||
USE_CLIENT_CACHE: "yes"
|
||||
SERVE_FILES: "no"
|
||||
MAX_CLIENT_SIZE: "50m"
|
||||
USE_GZIP: "yes"
|
||||
# Methods used to query the api
|
||||
# more info at https://api.mattermost.com/
|
||||
- ALLOWED_METHODS=GET|POST|HEAD|DELETE|PUT
|
||||
ALLOWED_METHODS: "GET|POST|HEAD|DELETE|PUT"
|
||||
# Reverse proxy to Mattermost
|
||||
# second endpoint needs websocket enabled
|
||||
# more info at https://docs.mattermost.com/install/config-proxy-nginx.html
|
||||
- USE_REVERSE_PROXY=yes
|
||||
- REVERSE_PROXY_INTERCEPT_ERRORS=no
|
||||
- REVERSE_PROXY_URL_1=/
|
||||
- REVERSE_PROXY_HOST_1=http://mattermost:8065
|
||||
- REVERSE_PROXY_URL_2=~ /api/v[0-9]+/(users/)?websocket$$
|
||||
- REVERSE_PROXY_HOST_2=http://mattermost:8065
|
||||
- REVERSE_PROXY_WS_2=yes
|
||||
USE_REVERSE_PROXY: "yes"
|
||||
REVERSE_PROXY_INTERCEPT_ERRORS: "no"
|
||||
REVERSE_PROXY_URL_1: "/"
|
||||
REVERSE_PROXY_HOST_1: "http://mattermost:8065"
|
||||
REVERSE_PROXY_URL_2: "~ /api/v[0-9]+/(users/)?websocket$$"
|
||||
REVERSE_PROXY_HOST_2: "http://mattermost:8065"
|
||||
REVERSE_PROXY_WS_2: "yes"
|
||||
# Default limit rate for URLs
|
||||
- LIMIT_REQ_URL_1=/
|
||||
- LIMIT_REQ_RATE_1=3r/s
|
||||
LIMIT_REQ_URL_1: "/"
|
||||
LIMIT_REQ_RATE_1: "3r/s"
|
||||
# Limit rate for api endpoints
|
||||
- LIMIT_REQ_URL_2=^/api/
|
||||
- LIMIT_REQ_RATE_2=10r/s
|
||||
LIMIT_REQ_URL_2: "^/api/"
|
||||
LIMIT_REQ_RATE_2: "10r/s"
|
||||
# Limit rate for static resources
|
||||
- LIMIT_REQ_URL_3=^/static/
|
||||
- LIMIT_REQ_RATE_3=10r/s
|
||||
LIMIT_REQ_URL_3: "^/static/"
|
||||
LIMIT_REQ_RATE_3: "10r/s"
|
||||
labels:
|
||||
- "bunkerweb.INSTANCE" # required for the scheduler to recognize the container
|
||||
networks:
|
||||
- bw-universe
|
||||
- bw-services
|
||||
|
||||
bw-scheduler:
|
||||
image: bunkerity/bunkerweb-scheduler:1.5.0
|
||||
depends_on:
|
||||
- mybunker
|
||||
environment:
|
||||
<<: *bunkerweb-env
|
||||
DOCKER_HOST: "tcp://docker-proxy:2375"
|
||||
volumes:
|
||||
- bw-data:/data
|
||||
networks:
|
||||
- bw-universe
|
||||
- net-docker
|
||||
|
||||
docker-proxy:
|
||||
image: tecnativa/docker-socket-proxy
|
||||
volumes:
|
||||
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||
environment:
|
||||
- CONTAINERS=1
|
||||
networks:
|
||||
- net-docker
|
||||
|
||||
mattermost:
|
||||
depends_on:
|
||||
|
@ -77,6 +110,8 @@ services:
|
|||
- MM_BLEVESETTINGS_INDEXDIR
|
||||
# additional settings
|
||||
- MM_SERVICESETTINGS_SITEURL
|
||||
networks:
|
||||
- bw-services
|
||||
|
||||
postgres:
|
||||
image: postgres:${POSTGRES_IMAGE_TAG}
|
||||
|
@ -90,13 +125,27 @@ services:
|
|||
- /var/run/postgresql
|
||||
volumes:
|
||||
- ${POSTGRES_DATA_PATH}:/var/lib/postgresql/data
|
||||
- ./init-db.sh:/docker-entrypoint-initdb.d/init-db.sh
|
||||
environment:
|
||||
# timezone inside container
|
||||
- TZ
|
||||
# necessary Postgres options/variables
|
||||
- POSTGRES_USER
|
||||
- POSTGRES_PASSWORD
|
||||
- POSTGRES_DB
|
||||
- POSTGRES_MULTIPLE_DATABASES=${POSTGRES_DB},${BUNKERWEB_DATABASE:-bunkerweb}
|
||||
networks:
|
||||
- bw-universe
|
||||
- bw-services
|
||||
|
||||
volumes:
|
||||
bw_data:
|
||||
bw-data:
|
||||
|
||||
|
||||
networks:
|
||||
bw-universe:
|
||||
ipam:
|
||||
driver: default
|
||||
config:
|
||||
- subnet: 10.20.30.0/24
|
||||
bw-services:
|
||||
net-docker:
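Review bot: `DATABASE_URI` is built from `${POSTGRES_USER}` and `${POSTGRES_PASSWORD}`, which in the official postgres image is the bootstrap superuser, so BunkerWeb and the scheduler connect with full control over the Mattermost database as well as their own. The init script mounted in this section creates a role named after each extra database, but the URI never uses it. I would give the `bunkerweb` role its own password and point the URI at it, e.g. `DATABASE_URI: "postgresql://bunkerweb:${BUNKERWEB_DB_PASSWORD:?set in .env}@postgres/${BUNKERWEB_DATABASE:-bunkerweb}"` (the variable name is a suggestion, not an existing setting). The script can also be mounted read-only: `- ./init-db.sh:/docker-entrypoint-initdb.d/init-db.sh:ro`.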
|
||||
|
|
|
@ -0,0 +1,22 @@
|
|||
#!/bin/bash
|
||||
|
||||
set -e
|
||||
set -u
|
||||
|
||||
function create_user_and_database() {
|
||||
local database=$1
|
||||
echo " Creating user and database '$database'"
|
||||
psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" <<-EOSQL
|
||||
CREATE USER $database;
|
||||
CREATE DATABASE $database;
|
||||
GRANT ALL PRIVILEGES ON DATABASE $database TO $database;
|
||||
EOSQL
|
||||
}
|
||||
|
||||
if [ -n "$POSTGRES_MULTIPLE_DATABASES" ]; then
|
||||
echo "Multiple database creation requested: $POSTGRES_MULTIPLE_DATABASES"
|
||||
for db in $(echo $POSTGRES_MULTIPLE_DATABASES | tr ',' ' '); do
|
||||
create_user_and_database $db
|
||||
done
|
||||
echo "Multiple databases created"
|
||||
fi
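Review bot: The names taken from `POSTGRES_MULTIPLE_DATABASES` are expanded by the shell straight into the SQL text as bare identifiers and passed unquoted to `create_user_and_database $db`, so a name with a hyphen, space or uppercase letter yields different SQL than intended. Passing the name as a psql variable and referencing it as `:"db"` lets psql quote the identifier, and quoting the heredoc delimiter keeps the shell out of the SQL. With `set -u` active, the `[ -n "$POSTGRES_MULTIPLE_DATABASES" ]` test aborts the script when the variable is unset instead of skipping the block; `${POSTGRES_MULTIPLE_DATABASES:-}` avoids that. The created role has no password, and the compose file includes `POSTGRES_DB` in the list, a database the image may already have created before this script runs; both are worth confirming.

```bash
function create_user_and_database() {
	local database=$1
	# … unchanged: progress echo …
	# heredoc body must be tab-indented for <<- to strip it
	psql -v ON_ERROR_STOP=1 -v db="$database" --username "$POSTGRES_USER" <<-'EOSQL'
		CREATE USER :"db";
		CREATE DATABASE :"db";
		GRANT ALL PRIVILEGES ON DATABASE :"db" TO :"db";
	EOSQL
}

if [ -n "${POSTGRES_MULTIPLE_DATABASES:-}" ]; then
	# … unchanged: request echo …
	for db in $(echo "$POSTGRES_MULTIPLE_DATABASES" | tr ',' ' '); do
		create_user_and_database "$db"
	done
	# … unchanged: completion echo …
fi
```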
|
|
@ -1,9 +1,4 @@
|
|||
#!/bin/bash
|
||||
|
||||
if [ $(id -u) -ne 0 ] ; then
|
||||
echo "❌ Run me as root"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
helm repo add mattermost https://helm.mattermost.com
|
||||
helm install -f mattermost-chart-values.yml mattermost mattermost/mattermost-team-edition
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
"name": "mattermost",
|
||||
"kinds": ["docker", "autoconf", "kubernetes"],
|
||||
"timeout": 60,
|
||||
"delay": 60,
|
||||
"delay": 300,
|
||||
"tests": [
|
||||
{
|
||||
"type": "string",
|
||||
|
|
|
@ -2,7 +2,7 @@ version: "3"
|
|||
|
||||
services:
|
||||
mybunker:
|
||||
image: bunkerity/bunkerweb:1.4.3
|
||||
image: bunkerity/bunkerweb:1.5.0
|
||||
ports:
|
||||
- 80:8080
|
||||
- 443:8443
|
||||
|
@ -13,9 +13,10 @@ services:
|
|||
# another example for existing folder : chown -R root:101 folder && chmod -R 770 folder
|
||||
# more info at https://docs.bunkerweb.io
|
||||
volumes:
|
||||
- bw_data:/data
|
||||
- bw-data:/data
|
||||
environment:
|
||||
- SERVER_NAME=www.example.com # replace with your domain
|
||||
- API_WHITELIST_IP=127.0.0.0/8 10.20.30.0/24
|
||||
- SERVE_FILES=no
|
||||
- DISABLE_DEFAULT_SERVER=yes
|
||||
- AUTO_LETS_ENCRYPT=yes
|
||||
|
@ -27,6 +28,32 @@ services:
|
|||
- |
|
||||
CUSTOM_CONF_MODSEC_mongo-express=
|
||||
SecRule REQUEST_FILENAME "@rx ^/db" "id:1,ctl:ruleRemoveByTag=attack-generic,ctl:ruleRemoveByTag=attack-protocol,nolog"
|
||||
labels:
|
||||
- "bunkerweb.INSTANCE" # required for the scheduler to recognize the container
|
||||
networks:
|
||||
- bw-universe
|
||||
- bw-services
|
||||
|
||||
bw-scheduler:
|
||||
image: bunkerity/bunkerweb-scheduler:1.5.0
|
||||
depends_on:
|
||||
- mybunker
|
||||
environment:
|
||||
- DOCKER_HOST=tcp://docker-proxy:2375
|
||||
volumes:
|
||||
- bw-data:/data
|
||||
networks:
|
||||
- bw-universe
|
||||
- net-docker
|
||||
|
||||
docker-proxy:
|
||||
image: tecnativa/docker-socket-proxy
|
||||
volumes:
|
||||
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||
environment:
|
||||
- CONTAINERS=1
|
||||
networks:
|
||||
- net-docker
|
||||
|
||||
mongo:
|
||||
image: mongo:latest
|
||||
|
@ -36,6 +63,8 @@ services:
|
|||
- MONGO_INITDB_ROOT_USERNAME=root # replace with a less obvious username
|
||||
- MONGO_INITDB_ROOT_PASSWORD=toor # replace with a better password
|
||||
- MONGO_INITDB_DATABASE=mongo # replace with the database name of your choice
|
||||
networks:
|
||||
- bw-services
|
||||
|
||||
mongo-ui:
|
||||
image: mongo-express:latest
|
||||
|
@ -48,6 +77,18 @@ services:
|
|||
restart: unless-stopped
|
||||
depends_on:
|
||||
- mongo
|
||||
networks:
|
||||
- bw-services
|
||||
|
||||
volumes:
|
||||
bw_data:
|
||||
bw-data:
|
||||
|
||||
|
||||
networks:
|
||||
bw-universe:
|
||||
ipam:
|
||||
driver: default
|
||||
config:
|
||||
- subnet: 10.20.30.0/24
|
||||
bw-services:
|
||||
net-docker:
|
||||
|
|
|
@ -2,6 +2,7 @@
|
|||
"name": "mongo-express",
|
||||
"kinds": ["docker", "autoconf"],
|
||||
"timeout": 60,
|
||||
"delay": 60,
|
||||
"no_copy_container": true,
|
||||
"tests": [
|
||||
{
|
||||
|
|
|
@ -18,30 +18,19 @@ services:
|
|||
- MOODLE_EMAIL=moodle@example.com # replace with your moodle admin email
|
||||
- MOODLE_SITE_NAME=My Moodle # replace with your moodle site name
|
||||
- MOODLE_DATABASE_HOST=mydb
|
||||
- MOODLE_DATABASE_NAME=moodle
|
||||
- MOODLE_DATABASE_USER=user
|
||||
- MOODLE_DATABASE_PASSWORD=db-user-pwd # replace with a stronger password (must match MYSQL_PASSWORD)
|
||||
- MOODLE_DATABASE_NAME=${MOODLE_DATABASE:-moodledb}
|
||||
- MOODLE_DATABASE_USER=${MOODLE_USER:-user}
|
||||
- MOODLE_DATABASE_PASSWORD=${MOODLE_PASSWORD:-secret} # replace with a stronger password (must match MYSQL_PASSWORD)
|
||||
labels:
|
||||
- bunkerweb.SERVER_NAME=www.example.com
|
||||
- bunkerweb.USE_REVERSE_PROXY=yes
|
||||
- bunkerweb.REVERSE_PROXY_URL=/
|
||||
- bunkerweb.REVERSE_PROXY_HOST=https://mymoodle:8443
|
||||
|
||||
mydb:
|
||||
image: mariadb:10.5
|
||||
volumes:
|
||||
- db_data:/var/lib/mysql
|
||||
networks:
|
||||
bw-services:
|
||||
aliases:
|
||||
- mydb
|
||||
environment:
|
||||
- MYSQL_ROOT_PASSWORD=db-root-pwd # replace with a stronger password
|
||||
- MYSQL_DATABASE=moodle
|
||||
- MYSQL_USER=user
|
||||
- MYSQL_PASSWORD=db-user-pwd # replace with a stronger password (must match MOODLE_DATABASE_PASSWORD)
|
||||
- MARIADB_CHARACTER_SET=utf8mb4
|
||||
- MARIADB_COLLATE=utf8mb4_unicode_ci
|
||||
# For the database, you can refer to the example of the autoconf including a database
|
||||
# In this example, you will need to add the following lines to the mydb service:
|
||||
# - MARIADB_CHARACTER_SET=utf8mb4
|
||||
# - MARIADB_COLLATE=utf8mb4_unicode_ci
|
||||
|
||||
networks:
|
||||
bw-services:
|
||||
|
|
|
@ -1,9 +1,4 @@
|
|||
#!/bin/bash
|
||||
|
||||
if [ $(id -u) -ne 0 ] ; then
|
||||
echo "❌ Run me as root"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
helm delete moodle
|
||||
kubectl delete pvc data-moodle-mariadb-0
|
||||
kubectl delete pvc data-moodle-mariadb-0
|
||||
|
|
|
@ -1,8 +1,12 @@
|
|||
version: "3"
|
||||
|
||||
x-bunkerweb-env:
|
||||
&bunkerweb-env
|
||||
DATABASE_URI: "mariadb+pymysql://${MOODLE_USER:-user}:${MOODLE_PASSWORD:-secret}@mydb:3306/${BUNKERWEB_DATABASE:-bunkerweb}"
|
||||
|
||||
services:
|
||||
mybunker:
|
||||
image: bunkerity/bunkerweb:1.4.3
|
||||
image: bunkerity/bunkerweb:1.5.0
|
||||
ports:
|
||||
- 80:8080
|
||||
- 443:8443
|
||||
|
@ -13,18 +17,47 @@ services:
|
|||
# another example for existing folder : chown -R root:101 folder && chmod -R 770 folder
|
||||
# more info at https://docs.bunkerweb.io
|
||||
volumes:
|
||||
- bw_data:/data
|
||||
- bw-data:/data
|
||||
environment:
|
||||
- SERVER_NAME=www.example.com # replace with your domain
|
||||
- AUTO_LETS_ENCRYPT=yes
|
||||
- DISABLE_DEFAULT_SERVER=yes
|
||||
- MAX_CLIENT_SIZE=50m
|
||||
- SERVE_FILES=no
|
||||
- USE_CLIENT_CACHE=yes
|
||||
- USE_GZIP=yes
|
||||
- USE_REVERSE_PROXY=yes
|
||||
- REVERSE_PROXY_URL=/
|
||||
- REVERSE_PROXY_HOST=https://mymoodle:8443
|
||||
<<: *bunkerweb-env
|
||||
SERVER_NAME: "www.example.com" # replace with your domain
|
||||
API_WHITELIST_IP: "127.0.0.0/8 10.20.30.0/24"
|
||||
AUTO_LETS_ENCRYPT: "yes"
|
||||
DISABLE_DEFAULT_SERVER: "yes"
|
||||
MAX_CLIENT_SIZE: "50m"
|
||||
SERVE_FILES: "no"
|
||||
USE_CLIENT_CACHE: "yes"
|
||||
USE_GZIP: "yes"
|
||||
USE_REVERSE_PROXY: "yes"
|
||||
REVERSE_PROXY_URL: "/"
|
||||
REVERSE_PROXY_HOST: "https://mymoodle:8443"
|
||||
labels:
|
||||
- "bunkerweb.INSTANCE" # required for the scheduler to recognize the container
|
||||
networks:
|
||||
- bw-universe
|
||||
- bw-services
|
||||
|
||||
bw-scheduler:
|
||||
image: bunkerity/bunkerweb-scheduler:1.5.0
|
||||
depends_on:
|
||||
- mybunker
|
||||
environment:
|
||||
<<: *bunkerweb-env
|
||||
DOCKER_HOST: "tcp://docker-proxy:2375"
|
||||
volumes:
|
||||
- bw-data:/data
|
||||
networks:
|
||||
- bw-universe
|
||||
- net-docker
|
||||
|
||||
docker-proxy:
|
||||
image: tecnativa/docker-socket-proxy
|
||||
volumes:
|
||||
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||
environment:
|
||||
- CONTAINERS=1
|
||||
networks:
|
||||
- net-docker
|
||||
|
||||
mymoodle:
|
||||
image: bitnami/moodle:latest
|
||||
|
@ -39,21 +72,33 @@ services:
|
|||
- MOODLE_EMAIL=moodle@example.com # replace with your moodle admin email
|
||||
- MOODLE_SITE_NAME=My Moodle # replace with your moodle site name
|
||||
- MOODLE_DATABASE_HOST=mydb
|
||||
- MOODLE_DATABASE_NAME=moodle
|
||||
- MOODLE_DATABASE_USER=user
|
||||
- MOODLE_DATABASE_PASSWORD=db-user-pwd # replace with a stronger password (must match MYSQL_PASSWORD)
|
||||
- MOODLE_DATABASE_NAME=${MOODLE_DATABASE:-moodledb}
|
||||
- MOODLE_DATABASE_USER=${MOODLE_USER:-user}
|
||||
- MOODLE_DATABASE_PASSWORD=${MOODLE_PASSWORD:-secret} # set a stronger password in a .env file (must match MYSQL_PASSWORD)
|
||||
networks:
|
||||
- bw-services
|
||||
|
||||
mydb:
|
||||
image: mariadb:10.5
|
||||
volumes:
|
||||
- ./db-data:/var/lib/mysql
|
||||
- db-data:/var/lib/mysql
|
||||
environment:
|
||||
- MYSQL_ROOT_PASSWORD=db-root-pwd # replace with a stronger password
|
||||
- MYSQL_DATABASE=moodle
|
||||
- MYSQL_USER=user
|
||||
- MYSQL_PASSWORD=db-user-pwd # replace with a stronger password (must match MOODLE_DATABASE_PASSWORD)
|
||||
- MARIADB_CHARACTER_SET=utf8mb4
|
||||
- MARIADB_COLLATE=utf8mb4_unicode_ci
|
||||
MARIADB_RANDOM_ROOT_PASSWORD: "yes"
|
||||
entrypoint: sh -c "echo 'DROP USER IF EXISTS \"${MOODLE_USER:-user}\"; CREATE USER \"${MOODLE_USER:-user}\"@\"%\"; CREATE DATABASE IF NOT EXISTS ${MOODLE_DATABASE:-moodledb}; CREATE DATABASE IF NOT EXISTS ${BUNKERWEB_DATABASE:-bunkerweb}; GRANT ALL PRIVILEGES ON ${MOODLE_DATABASE:-moodledb}.* TO \"${MOODLE_USER:-user}\"@\"%\" IDENTIFIED BY \"${MOODLE_PASSWORD:-secret}\"; GRANT ALL PRIVILEGES ON ${BUNKERWEB_DATABASE:-bunkerweb}.* TO \"${MOODLE_USER:-user}\"@\"%\" IDENTIFIED BY \"${MOODLE_PASSWORD:-secret}\"; FLUSH PRIVILEGES;' > /docker-entrypoint-initdb.d/init.sql; /usr/local/bin/docker-entrypoint.sh --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci"
|
||||
networks:
|
||||
- bw-universe
|
||||
- bw-services
|
||||
|
||||
volumes:
|
||||
bw_data:
|
||||
bw-data:
|
||||
db-data:
|
||||
|
||||
|
||||
networks:
|
||||
bw-universe:
|
||||
ipam:
|
||||
driver: default
|
||||
config:
|
||||
- subnet: 10.20.30.0/24
|
||||
bw-services:
|
||||
net-docker:
|
||||
|
|
|
@ -1,9 +1,4 @@
|
|||
#!/bin/bash
|
||||
|
||||
if [ $(id -u) -ne 0 ] ; then
|
||||
echo "❌ Run me as root"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
helm repo add bitnami https://charts.bitnami.com/bitnami
|
||||
helm install -f moodle-chart-values.yml moodle bitnami/moodle
|
||||
helm install -f moodle-chart-values.yml moodle bitnami/moodle
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
"name": "moodle",
|
||||
"kinds": ["docker", "autoconf", "swarm", "kubernetes"],
|
||||
"timeout": 300,
|
||||
"delay": 180,
|
||||
"delay": 300,
|
||||
"tests": [
|
||||
{
|
||||
"type": "string",
|
||||
|
|
|
@ -56,20 +56,7 @@ services:
|
|||
bunkerweb.CUSTOM_CONF_MODSEC_nextcloud=
|
||||
SecRule REQUEST_FILENAME "@rx ^/remote.php/dav/files/" "id:1000,ctl:ruleRemoveByTag=attack-protocol,ctl:ruleRemoveByTag=attack-generic,nolog"
|
||||
|
||||
mydb:
|
||||
image: mariadb
|
||||
command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
|
||||
volumes:
|
||||
- ./db-data:/var/lib/mysql
|
||||
networks:
|
||||
bw-services:
|
||||
aliases:
|
||||
- mydb
|
||||
environment:
|
||||
- MYSQL_ROOT_PASSWORD=db-root-pwd # replace with a stronger password
|
||||
- MYSQL_DATABASE=nc
|
||||
- MYSQL_USER=user
|
||||
- MYSQL_PASSWORD=db-user-pwd # replace with a stronger password (must match MYSQL_PASSWORD)
|
||||
# For the database, you can refer to the example of the autoconf including a database
|
||||
|
||||
networks:
|
||||
bw-services:
|
||||
|
|
|
@ -1,8 +1,3 @@
|
|||
#!/bin/bash
|
||||
|
||||
if [ $(id -u) -ne 0 ] ; then
|
||||
echo "❌ Run me as root"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
helm delete nextcloud
|
||||
helm delete nextcloud
|
||||
|
|
|
@ -1,8 +1,12 @@
|
|||
version: "3"
|
||||
|
||||
x-bunkerweb-env:
|
||||
&bunkerweb-env
|
||||
DATABASE_URI: "mariadb+pymysql://${NEXTCLOUD_USER:-user}:${NEXTCLOUD_PASSWORD:-secret}@mydb:3306/${BUNKERWEB_DATABASE:-bunkerweb}"
|
||||
|
||||
services:
|
||||
mybunker:
|
||||
image: bunkerity/bunkerweb:1.4.3
|
||||
image: bunkerity/bunkerweb:1.5.0
|
||||
ports:
|
||||
- 80:8080
|
||||
- 443:8443
|
||||
|
@ -13,74 +17,113 @@ services:
|
|||
# another example for existing folder : chown -R root:101 folder && chmod -R 770 folder
|
||||
# more info at https://docs.bunkerweb.io
|
||||
volumes:
|
||||
- bw_data:/data
|
||||
- bw-data:/data
|
||||
environment:
|
||||
- SERVER_NAME=www.example.com # replace with your domain
|
||||
- AUTO_LETS_ENCRYPT=yes
|
||||
- DISABLE_DEFAULT_SERVER=yes
|
||||
- MAX_CLIENT_SIZE=10G
|
||||
- USE_CLIENT_CACHE=yes
|
||||
- SERVE_FILES=no
|
||||
- ALLOWED_METHODS=GET|POST|HEAD|COPY|DELETE|LOCK|MKCOL|MOVE|PROPFIND|PROPPATCH|PUT|UNLOCK|OPTIONS
|
||||
- X_FRAME_OPTIONS=SAMEORIGIN
|
||||
- USE_GZIP=yes
|
||||
- BAD_BEHAVIOR_STATUS_CODES=400 401 403 405 444
|
||||
- USE_REVERSE_PROXY=yes
|
||||
- REVERSE_PROXY_URL=/
|
||||
- REVERSE_PROXY_HOST=http://mync
|
||||
- LIMIT_REQ_URL_1=/apps
|
||||
- LIMIT_REQ_RATE_1=5r/s
|
||||
- LIMIT_REQ_URL_2=/apps/text/session/sync
|
||||
- LIMIT_REQ_RATE_2=8r/s
|
||||
- LIMIT_REQ_URL_3=/core/preview
|
||||
- LIMIT_REQ_RATE_3=5r/s
|
||||
- |
|
||||
CUSTOM_CONF_MODSEC_CRS_nextcloud=
|
||||
<<: *bunkerweb-env
|
||||
SERVER_NAME: "www.example.com" # replace with your domain
|
||||
API_WHITELIST_IP: "127.0.0.0/8 10.20.30.0/24"
|
||||
AUTO_LETS_ENCRYPT: "yes"
|
||||
DISABLE_DEFAULT_SERVER: "yes"
|
||||
MAX_CLIENT_SIZE: "10G"
|
||||
USE_CLIENT_CACHE: "yes"
|
||||
SERVE_FILES: "no"
|
||||
ALLOWED_METHODS: "GET|POST|HEAD|COPY|DELETE|LOCK|MKCOL|MOVE|PROPFIND|PROPPATCH|PUT|UNLOCK|OPTIONS"
|
||||
X_FRAME_OPTIONS: "SAMEORIGIN"
|
||||
USE_GZIP: "yes"
|
||||
BAD_BEHAVIOR_STATUS_CODES: "400 401 403 405 444"
|
||||
USE_REVERSE_PROXY: "yes"
|
||||
REVERSE_PROXY_URL: "/"
|
||||
REVERSE_PROXY_HOST: "http://mync"
|
||||
LIMIT_REQ_URL_1: "/apps"
|
||||
LIMIT_REQ_RATE_1: "5r/s"
|
||||
LIMIT_REQ_URL_2: "/apps/text/session/sync"
|
||||
LIMIT_REQ_RATE_2: "8r/s"
|
||||
LIMIT_REQ_URL_3: "/core/preview"
|
||||
LIMIT_REQ_RATE_3: "5r/s"
|
||||
CUSTOM_CONF_MODSEC_CRS_nextcloud: "\
|
||||
SecAction \
|
||||
"id:900130,\
|
||||
\"id:900130,\
|
||||
phase:1,\
|
||||
nolog,\
|
||||
pass,\
|
||||
t:none,\
|
||||
setvar:tx.crs_exclusions_nextcloud=1"
|
||||
setvar:tx.crs_exclusions_nextcloud=1\"
|
||||
|
||||
# WebDAV
|
||||
SecAction \
|
||||
"id:900200,\
|
||||
\"id:900200,\
|
||||
phase:1,\
|
||||
nolog,\
|
||||
pass,\
|
||||
t:none,\
|
||||
setvar:'tx.allowed_methods=GET POST HEAD COPY DELETE LOCK MKCOL MOVE PROPFIND PROPPATCH PUT UNLOCK OPTIONS'"
|
||||
- |
|
||||
CUSTOM_CONF_MODSEC_nextcloud=
|
||||
SecRule REQUEST_FILENAME "@rx ^/remote.php/dav/files/" "id:1000,ctl:ruleRemoveByTag=attack-protocol,ctl:ruleRemoveByTag=attack-generic,nolog"
|
||||
setvar:'tx.allowed_methods=GET POST HEAD COPY DELETE LOCK MKCOL MOVE PROPFIND PROPPATCH PUT UNLOCK OPTIONS'\""
|
||||
CUSTOM_CONF_MODSEC_nextcloud: "\
|
||||
SecRule REQUEST_FILENAME \"@rx ^/remote.php/dav/files/\" \"id:1000,ctl:ruleRemoveByTag=attack-protocol,ctl:ruleRemoveByTag=attack-generic,nolog\""
|
||||
labels:
|
||||
- "bunkerweb.INSTANCE" # required for the scheduler to recognize the container
|
||||
networks:
|
||||
- bw-universe
|
||||
- bw-services
|
||||
|
||||
bw-scheduler:
|
||||
image: bunkerity/bunkerweb-scheduler:1.5.0
|
||||
depends_on:
|
||||
- mybunker
|
||||
environment:
|
||||
<<: *bunkerweb-env
|
||||
DOCKER_HOST: "tcp://docker-proxy:2375"
|
||||
volumes:
|
||||
- bw-data:/data
|
||||
networks:
|
||||
- bw-universe
|
||||
- net-docker
|
||||
|
||||
docker-proxy:
|
||||
image: tecnativa/docker-socket-proxy
|
||||
volumes:
|
||||
- /var/run/docker.sock:/var/run/docker.sock:ro
|
||||
environment:
|
||||
- CONTAINERS=1
|
||||
networks:
|
||||
- net-docker
|
||||
|
||||
mync:
|
||||
image: nextcloud:24-apache
|
||||
volumes:
|
||||
- ./nc-files:/var/www/html
|
||||
environment:
|
||||
- MYSQL_HOST=mydb
|
||||
- MYSQL_DATABASE=nc
|
||||
- MYSQL_USER=user
|
||||
- MYSQL_PASSWORD=db-user-pwd # replace with a stronger password (must match MYSQL_PASSWORD)
|
||||
- NEXTCLOUD_ADMIN_USER=admin # replace with the admin username
|
||||
- NEXTCLOUD_ADMIN_PASSWORD=changeme # replace with a stronger password
|
||||
- NEXTCLOUD_TRUSTED_DOMAINS=www.example.com # replace with your domain(s)
|
||||
- TRUSTED_PROXIES=192.168.0.0/16 172.16.0.0/12 10.0.0.0/8
|
||||
- APACHE_DISABLE_REWRITE_IP=1
|
||||
- MYSQL_HOST=mydb
|
||||
- MYSQL_DATABASE=${NEXTCLOUD_DATABASE:-nextclouddb}
|
||||
- MYSQL_USER=${NEXTCLOUD_USER:-user}
|
||||
- MYSQL_PASSWORD=${NEXTCLOUD_PASSWORD:-secret} # set a stronger password in a .env file (must match MYSQL_PASSWORD)
|
||||
networks:
|
||||
- bw-services
|
||||
|
||||
mydb:
|
||||
image: mariadb:10.9
|
||||
command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
|
||||
image: mariadb:10.5
|
||||
volumes:
|
||||
- ./db-data:/var/lib/mysql
|
||||
- db-data:/var/lib/mysql
|
||||
environment:
|
||||
- MYSQL_ROOT_PASSWORD=db-root-pwd # replace with a stronger password
|
||||
- MYSQL_DATABASE=nc
|
||||
- MYSQL_USER=user
|
||||
- MYSQL_PASSWORD=db-user-pwd # replace with a stronger password (must match MYSQL_PASSWORD)
|
||||
MARIADB_RANDOM_ROOT_PASSWORD: "yes"
|
||||
entrypoint: sh -c "echo 'DROP USER IF EXISTS \"${NEXTCLOUD_USER:-user}\"; CREATE USER \"${NEXTCLOUD_USER:-user}\"@\"%\"; CREATE DATABASE IF NOT EXISTS ${NEXTCLOUD_DATABASE:-nextclouddb}; CREATE DATABASE IF NOT EXISTS ${BUNKERWEB_DATABASE:-bunkerweb}; GRANT ALL PRIVILEGES ON ${NEXTCLOUD_DATABASE:-nextclouddb}.* TO \"${NEXTCLOUD_USER:-user}\"@\"%\" IDENTIFIED BY \"${NEXTCLOUD_PASSWORD:-secret}\"; GRANT ALL PRIVILEGES ON ${BUNKERWEB_DATABASE:-bunkerweb}.* TO \"${NEXTCLOUD_USER:-user}\"@\"%\" IDENTIFIED BY \"${NEXTCLOUD_PASSWORD:-secret}\"; FLUSH PRIVILEGES;' > /docker-entrypoint-initdb.d/init.sql; /usr/local/bin/docker-entrypoint.sh --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci"
|
||||
networks:
|
||||
- bw-universe
|
||||
- bw-services
|
||||
|
||||
volumes:
|
||||
bw_data:
|
||||
bw-data:
|
||||
db-data:
|
||||
|
||||
networks:
|
||||
bw-universe:
|
||||
ipam:
|
||||
driver: default
|
||||
config:
|
||||
- subnet: 10.20.30.0/24
|
||||
bw-services:
|
||||
net-docker:
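Review bot: `CUSTOM_CONF_MODSEC_CRS_nextcloud` is now a double-quoted YAML scalar, where a trailing `\` removes the line break and an unescaped line break folds to a space, so, as rendered here, the `# WebDAV` line is joined with the `SecAction` that follows it. ModSecurity would then read the second `SecAction` (id 900200, `tx.allowed_methods`) as part of a comment, and the WebDAV method list would not be set. A literal block scalar keeps each directive on its own line without escaping: `CUSTOM_CONF_MODSEC_CRS_nextcloud: |` followed by the original unescaped directives; dropping the `# WebDAV` line would also avoid it. Separately, the `mydb` service appears to lose `--transaction-isolation=READ-COMMITTED --binlog-format=ROW`, since the new `entrypoint` passes only the character-set flags; confirm that is intended.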
|
||||
|
|
|
@ -7,7 +7,7 @@ metadata:
|
|||
bunkerweb.io/www.example.com_MAX_CLIENT_SIZE: "10G"
|
||||
bunkerweb.io/www.example.com_ALLOWED_METHODS: "GET|POST|HEAD|COPY|DELETE|LOCK|MKCOL|MOVE|PROPFIND|PROPPATCH|PUT|UNLOCK|OPTIONS"
|
||||
bunkerweb.io/www.example.com_X_FRAME_OPTIONS: "SAMEORIGIN"
|
||||
bunkerweb.io/www.example.com_BAD_BEHAVIOR_STATUS_CODES: "400 401 403 405 444"
|
||||
bunkerweb.io/www.example.com_BAD_BEHAVIOR_STATUS_CODES: "400 401.4.4 405 444"
|
||||
bunkerweb.io/www.example.com_LIMIT_REQ_URL_1: "/apps"
|
||||
bunkerweb.io/www.example.com_LIMIT_REQ_RATE_1: "5r/s"
|
||||
bunkerweb.io/www.example.com_LIMIT_REQ_URL_2: "/apps/text/session/sync"
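Review bot: The new value `"400 401.4.4 405 444"` looks like the result of a bad search-and-replace, with `401 403` from the previous value turned into `401.4.4`. As written, 401 and 403 responses would likely no longer count towards bad-behaviour detection for this ingress, which weakens throttling of repeated failed logins and forbidden-path probing. Restore `bunkerweb.io/www.example.com_BAD_BEHAVIOR_STATUS_CODES: "400 401 403 405 444"`, which matches the value used in the Nextcloud compose example of this commit.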
|
||||
|
|
|
@ -1,9 +1,4 @@
|
|||
#!/bin/bash
|
||||
|
||||
if [ $(id -u) -ne 0 ] ; then
|
||||
echo "❌ Run me as root"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
helm repo add nextcloud https://nextcloud.github.io/helm/
|
||||
helm install -f nextcloud-chart-values.yml nextcloud nextcloud/nextcloud
|
||||
helm install -f nextcloud-chart-values.yml nextcloud nextcloud/nextcloud
|
||||
|
|
|
@ -37,22 +37,7 @@ services:
|
|||
- bunkerweb.LIMIT_REQ_URL_3=/core/preview
|
||||
- bunkerweb.LIMIT_REQ_RATE_3=5r/s
|
||||
|
||||
mydb:
|
||||
image: mariadb:10.9
|
||||
command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
|
||||
volumes:
|
||||
- db_data:/var/lib/mysql
|
||||
networks:
|
||||
- bw-services
|
||||
environment:
|
||||
- MYSQL_ROOT_PASSWORD=db-root-pwd # replace with a stronger password
|
||||
- MYSQL_DATABASE=nc
|
||||
- MYSQL_USER=user
|
||||
- MYSQL_PASSWORD=db-user-pwd # replace with a stronger password (must match MYSQL_PASSWORD)
|
||||
deploy:
|
||||
placement:
|
||||
constraints:
|
||||
- "node.role==worker"
|
||||
# For the database, you can refer to the example of the autoconf in swarm mode including a database
|
||||
|
||||
networks:
|
||||
bw-services:
|
||||
|
@ -61,4 +46,3 @@ networks:
|
|||
|
||||
volumes:
|
||||
nc_files:
|
||||
db_data:
|
||||
|
|